package com.ibm.ws.security.web;

import com.ibm.IExtendedSecurityPriv.PrincipalAuthenticator;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ejs.models.base.config.applicationserver.WebModuleRef;
import com.ibm.ejs.models.base.config.security.LocalOSAuthentication;
import com.ibm.ejs.models.base.config.security.Security;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.SecurityContext;
import com.ibm.ejs.security.util.Base64Coder;
import com.ibm.ejs.security.util.Cache;
import com.ibm.ejs.security.util.Constants;
import com.ibm.ejs.security.util.CredentialCache;
import com.ibm.ejs.security.util.StringUtil;
import com.ibm.etools.webapplication.WebApp;
import com.ibm.servlet.engine.srt.IPrivateRequestAttributes;
import com.ibm.servlet.personalization.sessiontracking.IHttpSession;
import com.ibm.ws.runtime.Server;
import com.ibm.ws.security.util.ServerSideAuthenticator;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xerces.validators.schema.SchemaSymbols;
import org.omg.CORBA.StringHolder;
import org.omg.Security.OpaqueHolder;

/* loaded from: input_file:lib/security.jarcom/ibm/ws/security/web/FormLoginServlet.class */
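/**
 * Completes a form-based login for a web application.
 *
 * <p>The login form POSTs {@code j_username} and {@code j_password} here. The pair is
 * authenticated through the process-wide {@link CredentialCache}; on success the credential
 * becomes the invocation credential and is carried either in the HTTP session
 * ({@code LOCALOS}: username and password are stored in the session's {@link FormLoginInfo})
 * or as an LTPA cookie (any other mechanism, which requires SSO to be enabled). The browser is
 * then sent back to the originally requested URL. Every failure redirects to the web
 * application's re-login (error) page.
 *
 * <p>A single instance serves all requests; per-request state is kept in locals.
 */
public class FormLoginServlet extends HttpServlet {
    private static TraceComponent tc;
    /** Shared credential cache, built once by {@link #initCache()} from the static initializer. */
    private static CredentialCache credentialCache;
    /** Compiler-generated holder for the class literal (pre-1.5 {@code class$} idiom). */
    static Class class$com$ibm$ws$security$web$FormLoginServlet;
    /** Login page URL from the web application's configuration; read in {@link #init}. */
    private String loginPage = null;
    /** Re-login (error) page URL; refreshed from {@link #webAttrs} on every login attempt. */
    private String loginErrorPage = null;
    /**
     * Set when com.ibm.websphere.sendredirect.compliance is "1" or "true": a context-relative
     * error page then gets the request's context path prefixed before redirecting.
     */
    private boolean sendRedirectComplianceMode = false;
    private WebAttributes webAttrs = null;

    /**
     * Reads the web application's form-login configuration (login and re-login URLs) and the
     * sendredirect compliance system property.
     *
     * <p>Configuration failures are logged rather than propagated, so the servlet still loads.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException from {@code GenericServlet.init(ServletConfig)}
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            WebModuleRef configuration = getServletContext().getWebAppContext().getConfiguration();
            String complianceProperty = System.getProperty("com.ibm.websphere.sendredirect.compliance");
            if (complianceProperty != null) {
                this.sendRedirectComplianceMode = complianceProperty.equals("1")
                        || complianceProperty.equalsIgnoreCase(SchemaSymbols.ATTVAL_TRUE);
            }
            WebApp webApp = configuration.getWebApp();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Create WebAttributes for this webApp.");
            }
            this.webAttrs = new WebAttributes(webApp);
            this.loginPage = this.webAttrs.getLoginURL();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login page is: ").append(this.loginPage).toString());
            }
            this.loginErrorPage = this.webAttrs.getReloginURL();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login error page is: ").append(this.loginErrorPage).toString());
            }
        } catch (Exception e) {
            Tr.error(tc, Constants.nls.getString("security.web.form.noWebAppInfo", "Error getting the web app information for form login"), e);
        }
    }

    /** No-op. */
    public void destroy() {
    }

    /**
     * GET requests are not serviced; only POST (see {@link #doPost}) performs the login.
     *
     * @param httpServletRequest  ignored
     * @param httpServletResponse ignored
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    }

    /**
     * Entry point for the login form submission.
     *
     * @param httpServletRequest  request carrying {@code j_username} and {@code j_password}
     * @param httpServletResponse response used for the redirect and, for LTPA, the token cookie
     * @throws IOException if a redirect cannot be sent
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        formLogin(httpServletRequest, httpServletResponse);
    }

    /**
     * Authenticates the posted credentials and redirects the browser.
     *
     * <p>Outcomes: missing parameters, a configuration error (non-LocalOS mechanism without
     * SSO), a failed authentication, or any exception all redirect to the error page; a
     * successful authentication redirects to the URL saved before the login challenge (session
     * security info for LOCALOS, the {@code WASReqURL} cookie otherwise).
     *
     * @param httpServletRequest  request carrying {@code j_username} and {@code j_password}
     * @param httpServletResponse response to redirect and (LTPA only) to add the token cookie to
     * @throws IOException if a redirect cannot be sent
     */
    private void formLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ServerSideAuthenticator serverSideAuthenticator = new ServerSideAuthenticator();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("formLogin, WebAttributes: \n").append(this.webAttrs.toString()).toString());
        }
        Security security = Server.getServerInstance().getApplicationServer().getNode().getDomain().getSecurity();
        // Same mechanism selection as initCache(): anything other than LocalOS is treated as LTPA.
        String authMechanism = (security == null || (security.getActiveAuthMechanism() instanceof LocalOSAuthentication)) ? "LOCALOS" : "LTPA";
        // Resolved into a local so concurrent logins never read a half-updated field.
        String errorPage = resolveErrorPage(httpServletRequest.getContextPath());
        this.loginErrorPage = errorPage;
        if (authMechanism.equals("LTPA") && !this.webAttrs.isSSOEnabled()) {
            Tr.error(tc, Constants.nls.getFormattedMessage("security.formlogin.badconfig", new Object[]{this.webAttrs.getWebAppName()}, "FormLogin is configured for web application {0} but SSO is not enabled in the global security settings.  SSO must be enabled to use FormLogin."));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Configuration error.  SSO Not enabled when using FormLogin. Redirecting to error page: ").append(errorPage).toString());
            }
            httpServletResponse.sendRedirect(httpServletResponse.encodeURL(errorPage));
            return;
        }
        String username = httpServletRequest.getParameter("j_username");
        String password = httpServletRequest.getParameter("j_password");
        if (username == null || password == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "username and/or password are not present");
            }
            redirectToErrorPage(httpServletResponse, errorPage);
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Form based login: userid/password present in the form. User is: ").append(username).toString());
        }
        try {
            CredentialsImpl credential = credentialCache.getCredential(username, password);
            if (credential == null) {
                Tr.audit(tc, Constants.nls.getFormattedMessage("security.authn.failed.foruser", new Object[]{username}, "Authentication.failed.for.{0}"));
                redirectToErrorPage(httpServletResponse, errorPage);
                return;
            }
            serverSideAuthenticator.setInvocationCredentials(credential);
            ((IPrivateRequestAttributes) httpServletRequest).setPrivateAttribute("AUTH_TYPE", "FORM");
            IHttpSession session = null;
            FormLoginInfo formLoginInfo = null;
            if (authMechanism.equals("LOCALOS")) {
                session = httpServletRequest.getSession(true);
                if (session != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Form based login: Store auth data in the HTTP Session");
                    }
                    // The clear-text password is kept in the session's security info for LOCALOS.
                    formLoginInfo = (FormLoginInfo) session.getSecurityInfo();
                    if (formLoginInfo == null) {
                        formLoginInfo = new FormLoginInfo(username, password);
                    } else {
                        formLoginInfo.setUsername(username);
                        formLoginInfo.setPassword(password);
                    }
                    session.putSecurityInfo(formLoginInfo);
                }
            } else {
                boolean secureCookie = false;
                boolean issueCookie = false;
                boolean ssoEnabled = false;
                if (this.webAttrs.isSSOEnabled()) {
                    ssoEnabled = true;
                    if (this.webAttrs.isSecureSSO()) {
                        // Secure SSO: the token is only issued on an https request, and the cookie is flagged Secure.
                        issueCookie = httpServletRequest.getScheme().equalsIgnoreCase("https");
                        secureCookie = true;
                    } else {
                        issueCookie = true;
                    }
                }
                if (issueCookie) {
                    try {
                        StringHolder mechanismHolder = new StringHolder();
                        OpaqueHolder tokenHolder = new OpaqueHolder();
                        credential.get_credential_token(mechanismHolder, tokenHolder);
                        byte[] tokenBytes = tokenHolder.value;
                        if (tokenBytes != null && tokenBytes.length == 0) {
                            tokenBytes = null; // an empty token is treated like an absent one
                        }
                        Cookie ltpaCookie = createCookie(this.webAttrs.getLTPACookieName(), Base64Coder.base64Encode(StringUtil.toString(tokenBytes)), secureCookie);
                        if (ssoEnabled) {
                            this.webAttrs.copyInto(ltpaCookie);
                        }
                        clearCookie(httpServletRequest, httpServletResponse);
                        httpServletResponse.addCookie(ltpaCookie);
                    } catch (Exception cookieFailure) {
                        // Do not lose the reason: trace it before falling back to the error page.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Unable to create the LTPA cookie: ").append(cookieFailure).toString());
                        }
                        redirectToErrorPage(httpServletResponse, errorPage);
                        return;
                    }
                }
            }
            // NOTE(review): WASReqURL is a client-supplied cookie and nothing here checks that it
            // points back into this server; confirm the code that sets it constrains the value.
            String refererURL = session != null ? formLoginInfo.getRefererURL() : WebAuthenticator.getCookieValue(httpServletRequest.getCookies(), "WASReqURL");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Successful auth - redirecting to the original URL").append(refererURL).toString());
            }
            if (refererURL == null) {
                // Nothing sensible to redirect to; send the browser to the error page instead of a null URL.
                Tr.error(tc, "stored URL not found");
                redirectToErrorPage(httpServletResponse, errorPage);
                return;
            }
            httpServletResponse.sendRedirect(httpServletResponse.encodeURL(refererURL));
        } catch (Exception authFailure) {
            Tr.error(tc, Constants.nls.getFormattedMessage("security.authn.error.foruser", new Object[]{username}, "Authentication error during authentication for user {0}"), authFailure);
            redirectToErrorPage(httpServletResponse, errorPage);
        }
    }

    /**
     * Returns the re-login URL, prefixed with the context path when compliance mode is on and
     * the URL is context-relative.
     *
     * @param contextPath the request's context path; may be {@code null}
     * @return the redirect target for failed logins, possibly {@code null} if unconfigured
     */
    private String resolveErrorPage(String contextPath) {
        String errorPage = this.webAttrs.getReloginURL();
        if (errorPage != null && errorPage.startsWith("/") && contextPath != null && !contextPath.equals("/") && this.sendRedirectComplianceMode) {
            errorPage = new StringBuffer().append(contextPath).append(errorPage).toString();
        }
        return errorPage;
    }

    /**
     * Traces the target and redirects the browser to the login error page.
     *
     * @param httpServletResponse response to redirect
     * @param errorPage           redirect target
     * @throws IOException if the redirect cannot be sent
     */
    private static void redirectToErrorPage(HttpServletResponse httpServletResponse, String errorPage) throws IOException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Redirecting to error page: ").append(errorPage).toString());
        }
        httpServletResponse.sendRedirect(httpServletResponse.encodeURL(errorPage));
    }

    /**
     * Builds the shared credential cache from the security current's principal authenticator.
     *
     * <p>Cache size comes from the {@code WebAuthenticator.CREDENTIAL_CACHE_SIZE} system
     * property (default 200); the timeout from the security configuration's value-cache
     * timeout (seconds, default 10 when absent or non-positive) and is also installed as the
     * {@link Cache} default.
     *
     * @throws IllegalStateException if the security current is unavailable or any step fails;
     *                               the original exception is attached as the cause
     */
    private static void initCache() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initCache");
        }
        try {
            CurrentImpl current = SecurityContext.getCurrent();
            if (current == null) {
                throw new IllegalStateException("can't get security current");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getting SAS current principal authenticator");
            }
            Security security = Server.getServerInstance().getApplicationServer().getNode().getDomain().getSecurity();
            // 2 when security is absent or the active mechanism is LocalOS, 1 otherwise (mirrors formLogin()).
            int authenticatorType = (security == null || (security.getActiveAuthMechanism() instanceof LocalOSAuthentication)) ? 2 : 1;
            PrincipalAuthenticator principalAuthenticator = current.principal_authenticator(authenticatorType);
            String sizeProperty = System.getProperty(WebAuthenticator.CREDENTIAL_CACHE_SIZE);
            int cacheSize = 200;
            // security may be null (tolerated above), so do not dereference it unconditionally.
            int timeoutSeconds = security != null ? security.getValueCacheTimeout() : 0;
            if (timeoutSeconds <= 0) {
                timeoutSeconds = 10;
            }
            Cache.setDefaultTimeout(timeoutSeconds * 1000);
            if (sizeProperty != null) {
                cacheSize = Integer.parseInt(sizeProperty);
            }
            credentialCache = new CredentialCache(principalAuthenticator, cacheSize, timeoutSeconds * 1000);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initCache");
            }
        } catch (Exception e) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initCache", e);
            }
            IllegalStateException failure = new IllegalStateException(e.getMessage());
            failure.initCause(e); // keep the original stack for diagnosis
            throw failure;
        }
    }

    /**
     * Creates a session-scoped cookie (max-age -1) with path "/".
     *
     * <p>The value is the base64-encoded LTPA token, so it is deliberately not written to the
     * trace; only the cookie name is.
     *
     * @param name   cookie name
     * @param value  cookie value
     * @param secure whether to set the Secure attribute
     * @return the new cookie
     */
    private Cookie createCookie(String name, String value, boolean secure) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("createCookie ").append(name).toString());
        }
        Cookie cookie = new Cookie(name, value);
        cookie.setPath("/");
        cookie.setMaxAge(-1);
        cookie.setSecure(secure);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createCookie");
        }
        return cookie;
    }

    /**
     * Expires the {@code WASReqURL} cookie (the saved pre-login URL) if the request carries a
     * non-empty one, by adding an empty, max-age 0 cookie with path "/".
     *
     * @param httpServletRequest  request whose cookies are inspected
     * @param httpServletResponse response the expiring cookie is added to
     */
    private void clearCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearCookie");
        }
        String savedUrl = WebAuthenticator.getCookieValue(httpServletRequest.getCookies(), "WASReqURL");
        if (savedUrl != null && savedUrl.length() > 0) {
            Cookie expired = new Cookie("WASReqURL", "");
            expired.setPath("/");
            expired.setMaxAge(0);
            httpServletResponse.addCookie(expired);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("cleared REFERER_URL cookie. Original value was ").append(savedUrl).toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearCookie");
        }
    }

    /**
     * Pre-1.5 class-literal helper: loads the class by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original exception is the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    // Registers the trace component and builds the credential cache when the class loads;
    // a cache failure therefore fails class initialization.
    static {
        Class cls;
        if (class$com$ibm$ws$security$web$FormLoginServlet == null) {
            cls = class$("com.ibm.ws.security.web.FormLoginServlet");
            class$com$ibm$ws$security$web$FormLoginServlet = cls;
        } else {
            cls = class$com$ibm$ws$security$web$FormLoginServlet;
        }
        tc = Tr.register(cls);
        credentialCache = null;
        initCache();
    }
}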
